May 2016
Cisco Advanced Malware Protection
Webinar deck amp_webinar_french_may_26 · Author: Dorothee Miller-Eloit (deloit) · 17 pages


Page 1

May 2016

Cisco Advanced Malware Protection

Page 2

The Reality: Organizations Are Under Attack and Malware Is Getting In

Threat timeline, 1990 to 2020: Viruses (1990-2000), Worms (2000-2005), Spyware and Rootkits (2005-today), APTs and Cyberware (today and beyond)

Trend over the same period: phishing and low-sophistication attacks, then hacking becomes an industry, then sophisticated attacks in a complex landscape

95% of large companies targeted by malicious traffic

100% of organizations interacted with websites hosting malware

Cybercrime is lucrative, barrier to entry is low

Hackers are smarter and have the resources to compromise your organization

Malware is more sophisticated

Organizations face tens of thousands of new malware samples per hour

Page 3

Malware Will Get Into Your Environment

95% of large companies targeted by malicious traffic

60% of data stolen in hours

65% of organizations say attacks evaded existing preventative security tools

$5.9M average cost of a breach in the United States

Page 4

Once Inside, Organizations Struggle to Deal with It

33% of organizations take 2+ years to discover a breach

55% of organizations unable to determine the cause of a breach

45 days average time to resolve a cyber-attack

54% of breaches remain undiscovered for months

Page 5

Point-in-Time Detection Tools Alone Are Insufficient and Provide Limited or No Visibility Into Threats Once They Get In

Antivirus and legacy IPS: Not 100%

Initial Disposition = Clean, Actual Disposition = Bad: Too Late!! Analysis stops at the event horizon.

Techniques that get past a point-in-time verdict:
• Sleep techniques
• Unknown protocols
• Encryption
• Polymorphism

Result: blind to scope of compromise

Page 6

Breach: Prevention + Detection, Containment, Remediation, performed continuously and rapidly
• Prevention
• Detection
• Containment
• Remediation

Page 7

Cisco AMP Provides Threat Intelligence, Point-in-Time Detection, and Continuous Analysis of Files to Defeat Advanced Threats

Attack Continuum across Data Center/Servers, Endpoints, Email and Web, Network, Mobile:

Before: Discover, Enforce, Harden (threat intelligence and analytics)

During: Detect, Block, Defend (point-in-time detection)

After: Scope, Contain, Remediate (retrospective security and continuous analysis)

Page 8

AMP Provides the Visibility and Control to Effectively Prevent, Block, Detect, and Remediate Advanced Threats

Threat Intelligence and Analytics, with Point-in-Time Protection, with Continuous Analysis and Retrospective Security

1. Visibility: See

2. Control:
• Before an attack: Prevent
• During an attack: Detect, Block and Contain
• After an attack: Record, Analyze, Detect, Remediate

Page 9

Threat Intelligence and Advanced Analytics: AMP Strengthens Defenses Using Threat Intelligence and Malware Analysis

Learn about threats faster
• Knowledge base: extensive and growing back-end research on the latest threats and security trends
• Insight: analytics and behavioral indicators for your system written in plain English
• Expertise: team of threat analysts/researchers working to provide you with the latest threat intelligence 24/7

13 billion web requests per day

100 TB of data received daily

1.1 million incoming malware samples per day

35% of worldwide email traffic

Page 10

Threat Intelligence and Advanced Analytics: The Numbers

Cisco® Collective Security Intelligence Cloud
• 1.6 million global sensors
• 100 TB of data received per day
• 150 million+ deployed endpoints
• Experienced team of engineers, technicians, and researchers
• 35% of worldwide email traffic
• 13 billion web requests
• 24x7x365 operations
• 4.3 billion web blocks per day
• 40+ languages
• 1.1 million incoming malware samples per day

Intelligence sources feeding the cloud:
• AMP Community
• Private/Public Threat Feeds
• Talos Security Intelligence
• AMP Threat Grid Intelligence
• AMP Threat Grid Dynamic Analysis (10 million files/month)
• Advanced Microsoft and Industry Disclosures
• Snort and ClamAV Open Source Communities
• AEGIS Program

Automatic updates in real time to Web (WWW), Endpoints, Devices, Networks, Email, IPS through AMP (Advanced Malware Protection)

Page 11

Point-in-Time Detection: AMP Delivers the First Line of Defense, Blocking Known and Emerging Threats with Point-in-Time Defenses

Detection techniques:
• One-to-one signature
• Fuzzy finger-printing
• Machine learning
• Advanced analytics
• Static and dynamic analysis (sandboxing)

Combined, they:
• Offer better accuracy and dispositioning
• Block known and emerging threats
• Protect your business with no lag
• Automatically stop as many threats as possible, known and unknown

Page 12

But Point-in-Time Detection Alone Will Never Be 100% Effective

Page 13

Continuous Analysis and Retrospective Security: Only AMP Continuously Monitors and Analyzes All File Activity, Regardless of Disposition

Across all control points: Web (WWW), Endpoints, Email, Network, Mobile

To answer the questions that matter…
• Identify a threat's point of origin
• See where it's been
• See what it is doing
• Track its rate of progression and how it spread
• Surgically target and remediate

Take advantage of key capabilities

Page 14

The AMP Everywhere Architecture: AMP Protection Across the Extended Network for an Integrated Threat Defense

AMP Threat Intelligence Cloud, connected to:
• AMP for Endpoints: Windows OS, Android Mobile, Virtual, MAC OS, CentOS/Red Hat Linux for servers and datacenters
• AMP for Endpoints on Remote Endpoints: AMP for Endpoints can be launched from AnyConnect
• AMP on Web and Email Security Appliances
• AMP on Cisco® ASA Firewall with Firepower Services
• AMP Private Cloud Virtual Appliance
• AMP on Firepower NGIPS Appliance (AMP for Networks)
• AMP on Cloud Web Security and Hosted Email (CWS/CTA)
• Threat Grid: Malware Analysis + Threat Intelligence Engine
• AMP on ISR with Firepower Services

Page 15

Deployment Options in Detail

AMP on ESA, WSA, ASA, CWS
• Method: License with ESA, WSA, CWS, or ASA customers
• Ideal for: New or existing Cisco CWS, Email/Web Security, ASA customers
• Details: ESA/WSA: prime visibility into email/web. CWS: web and advanced malware protection in a cloud-delivered service. AMP capabilities on ASA with FirePOWER Services
• Threat Grid: Hybrid or on-premises integration

AMP for Networks (AMP on FirePOWER Network Appliance)
• Method: Snap into your network
• Ideal for: FirePOWER NGIPS customers
• Details: Wide visibility inside network. Broad selection of features before, during, and after an attack. Comprehensive threat protection and response
• Threat Grid: On-premises integration in 1H 2016

AMP for Endpoints
• Method: Install lightweight connector on endpoints
• Ideal for: Windows, Mac, Android, Linux, virtual machines; can also deploy from AnyConnect client
• Details: Granular visibility and control. Widest selection of AMP features
• Threat Grid: Integrated into file analysis feature

AMP Private Cloud Virtual Appliance
• Method: Deploy on-premises Virtual Appliance
• Ideal for: High-privacy environments
• Details: Private Cloud option for those with high-privacy requirements. Can deploy full air-gapped mode or cloud proxy mode. For endpoints and networks
• Threat Grid: Integration coming in 1H 2016

Page 16

If Something Gets In, Retrospective Security Helps You Find Answers to the Most Pressing Security Questions

What happened?

Where did the malware come from?

Where has the malware been?

What is it doing?

How do we stop it?

See AMP in Action: https://www.youtube.com/watch?v=sRqlHdxAP5g
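The questions on this page and the "point of origin / where it's been / rate of progression" capabilities on page 13 describe one mechanism: record every file sighting regardless of the verdict at the time, then re-evaluate when the verdict changes. Below is an added Python sketch of that mechanism; it is not Cisco's code, and the trajectory model, host names, process names and placeholder hash are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Sighting:
    ts: int       # seconds since start of the constructed scenario
    host: str
    sha256: str
    parent: str   # process or path that introduced or ran the file
    action: str   # "create", "copy" or "execute"

class Trajectory:
    def __init__(self):
        self.sightings = defaultdict(list)  # sha256 -> [Sighting], kept whatever the verdict
        self.disposition = {}               # sha256 -> latest verdict

    def record(self, s):
        self.sightings[s.sha256].append(s)

    def update_disposition(self, sha256, verdict):
        """Cloud re-verdict; a flip to malicious triggers retrospection."""
        old = self.disposition.get(sha256, "unknown")
        self.disposition[sha256] = verdict
        if verdict == "malicious" and old != "malicious":
            return self.retrospect(sha256)
        return None

    def retrospect(self, sha256):
        """Where did it come from, where has it been, how fast did it spread?"""
        seen = sorted(self.sightings[sha256], key=lambda s: s.ts)
        hosts = list(dict.fromkeys(s.host for s in seen))  # in first-seen order
        hours = (seen[-1].ts - seen[0].ts) / 3600
        return {"origin_host": seen[0].host, "origin_parent": seen[0].parent,
                "affected_hosts": hosts,
                "executed_on": sorted({s.host for s in seen if s.action == "execute"}),
                "hosts_per_hour": round(len(hosts) / hours, 2) if hours else None}

def demo():
    h = "sha256-of-sample-A"  # placeholder, constructed scenario: clean at arrival, bad 2 h later
    t = Trajectory()
    for s in [Sighting(0, "wks-01", h, "outlook.exe", "create"),
              Sighting(600, "wks-01", h, "explorer.exe", "execute"),
              Sighting(1800, "wks-07", h, "smb-copy", "copy"),
              Sighting(3600, "wks-07", h, "explorer.exe", "execute"),
              Sighting(7200, "srv-fs1", h, "smb-copy", "copy")]:
        t.record(s)
    assert t.update_disposition(h, "clean") is None  # point-in-time verdict: nothing fires
    return t.update_disposition(h, "malicious")      # retrospective verdict: scope report
```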

Page 17